Klevu is Now ISO 27001:2022 Certified!
We’re super excited to announce that we’ve recently achieved ISO 27001:2022 certification! 🎉
What is ISO 27001?
It’s an international standard that sets out the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). It provides a systematic approach to managing information and its security. It isn’t just about IT; it covers our entire organisational security process, from people to networking, data handling and everything in between!
Why does it matter?
In today’s digital world, cyber threats and technology risks are more prevalent than ever and are getting more sophisticated. Any business, regardless of size, could potentially be vulnerable. Pursuing the certification shows that we’ve implemented a high minimum standard of security and adopted best practices.
The journey to get here
Getting here has been a thorough and rigorous process. To give you an idea, here’s a basic overview of what we’ve done:
Gap Analysis: A comprehensive review where we assessed our security posture against the standard. It was at this point we also decided to wait for the 2022 version to be published, rather than relying only on 2013. This helped us identify where we needed improvements—a crucial step for our overall plan.
Risk Assessments (everywhere): We gained an understanding of the risks to our information assets by carrying out a wide-ranging risk assessment. This identified threats and vulnerabilities and helps us prioritise the higher-risk areas. Risk assessment is now embedded in the core of how we work.
Implementation: Following the risk assessments, we implemented a range of security controls and measures to mitigate the risks. These cover a range of areas from people, physical security, access controls to system controls.
Training and awareness: All employees needed to be aware of, and understand, their role in maintaining our information security. Ongoing training happened throughout the implementation and still does today.
Internal Audits: We formed an internal audit team who carried out audits against all of the ISO 27001 controls and clauses to identify compliance, non-compliance and opportunities for improvement. This provides a continuous way to monitor and review the effectiveness of our ISMS.
External Audit: The final step! We engaged with an independent certification body who took us through a thorough certification audit. It’s at the end of this process that our information security practices and policies were validated as meeting the ISO 27001:2022 requirements.
Here are some of the ways this affects you
- Compliance: this helps tick the boxes you may need ticked to meet your own minimum security standards. It also shows we’ve been independently checked.
- Risk management: we’re regularly identifying and mitigating potential risks.
- Continuous improvement: we’re committed to continuously improving our security stance.
Looking forward
Achieving this certification is a significant milestone for us, but it isn’t the end of our journey. We’re committed to continually improving our ISMS and adapting it as the world becomes ever more digital.